
Chef EC2 Autoscale

This post is mainly for comparison: it shows how to do the same autoscaling with Chef as with Ansible.

To use Chef with an autoscale group, we need to set up chef-client with the validation key so that it can connect back to the Chef server. Before IAM policies, we had to do this directly in the userdata script, either by pulling the key or by writing our passwords there. Now, with an IAM role, we can give the EC2 instances read-only access to an S3 bucket. Here's the process.

#!/bin/bash
# install chef-client
curl -L https://www.opscode.com/chef/install.sh | sudo bash

# setup the first run
mkdir -p /etc/chef
(
cat << 'EOF'
{"run_list": ["role[YOUR_SERVER_ROLE]"]}
EOF
) > /etc/chef/first-boot.json

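# write an s3cmd config with empty credentials, so that s3cmd takes
# temporary credentials from the instance's IAM role
(
cat << 'EOF'
[default]
access_key =
secret_key =
security_token =
EOF
) > ~/.s3cfg

# install s3cmd and its dependency
apt-get install git -y
git clone https://github.com/s3tools/s3cmd
apt-get install python-dateutil -y
cd s3cmd

# pull the validation key from the bucket (YOUR_BUCKET is a placeholder)
./s3cmd get s3://YOUR_BUCKET/validation.pem /etc/chef/

# first chef-client run: registers the node and applies the run list
chef-client -j /etc/chef/first-boot.json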

We can set up a launch configuration with the IAM role, and voilà: autoscaled EC2 instances pull down the validation.pem from a bucket and then configure themselves.
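The validation key fetched by the userdata script can register new nodes with the Chef server, so it is worth checking the download and removing the key once the node has its own client key. The following is an added example, not part of the original post, that wraps the final `chef-client` call; the function names and the `CHEF_DIR` and `CHEF_CLIENT` variables are assumptions, and the file paths are Chef's defaults.

```bash
#!/bin/bash
# Added example, not part of the original post.
# Assumed names: CHEF_DIR, CHEF_CLIENT and the three functions below.
CHEF_DIR="${CHEF_DIR:-/etc/chef}"            # Chef's default config directory
CHEF_CLIENT="${CHEF_CLIENT:-chef-client}"    # overridable for a dry run

# Succeed only if the download is a non-empty PEM private key, then
# restrict it to its owner. Catches a failed or truncated S3 fetch
# before chef-client runs.
check_validation_key() {
  key="$CHEF_DIR/validation.pem"
  if [ ! -s "$key" ]; then
    echo "validation key missing or empty: $key" >&2
    return 1
  fi
  if ! head -n 1 "$key" | grep -Eq '^-----BEGIN (RSA )?PRIVATE KEY-----'; then
    echo "not a PEM private key: $key" >&2
    return 1
  fi
  chmod 600 "$key"
}

# Once the node has registered it holds its own client.pem, so the
# shared validation key no longer needs to stay on the instance.
remove_validation_key() {
  if [ -s "$CHEF_DIR/client.pem" ]; then
    rm -f "$CHEF_DIR/validation.pem"
    return 0
  fi
  echo "no client.pem yet, keeping validation.pem for a retry" >&2
  return 1
}

# Replacement for the bare chef-client call at the end of the userdata script.
first_run() {
  check_validation_key || return 1
  "$CHEF_CLIENT" -j "$CHEF_DIR/first-boot.json" || return 1
  remove_validation_key
}

# In userdata, after the s3cmd get:  first_run || exit 1
```

If registration fails, the key stays in place so that a later run can retry.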
